Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1334
Views
1
Helpful
1
Replies

Cisco ISE Posture check for Multiple Vendors on Requirements

Go to solution
rafliraditya
Level 1
Level 1

‎05-30-2023 03:30 AM - edited ‎05-30-2023 04:17 AM

This is pretty similar with /3819944 but the solution is not quite what I'm looking for. We don't want a posture policy where endpoint is considered Compliant if there's ANY antivirus installed/running.


This posture policy needs to have requirements for multiple antivirus vendors. The endpoint will be deemed compliant if it has one of the following installed:

  • Antivirus A of these specific patches
  • Antivirus B of these specific patches
  • Antivirus C of these specific patches

The problem is that when I try to insert multiple requirements, such as antivirus A, antivirus B, and antivirus C, the security scan will mark the endpoint as non-compliant if any of the antiviruses are missing. In summary, currently multiple requirements are possible, but they must all be met for the endpoint to be compliant.

I tried creating a compound condition that includes patch management and antivirus requirements, but for some reason patch management and antivirus conditions can't be made into compound condition.

I also tried inserting multiple conditions into a single requirement element, but the policy interpreted them as an AND condition instead of an OR condition.

Cisco ISE is version 3.1

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎06-15-2023 06:24 AM - edited ‎06-16-2023 03:00 AM

Hi,
From what i know these are the only available posture options
ref : https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273#toc-hId-1575202696

You should be able to do it with Compound posture conditions. It depend on your AV as well. 

Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_compliance.html?bookSearch=true#reference_B624962CB60C4298A1030014F8D056A7




Regards

Divya Jain

View solution in original post

1 Reply 1

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎06-15-2023 06:24 AM - edited ‎06-16-2023 03:00 AM

Hi,
From what i know these are the only available posture options
ref : https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273#toc-hId-1575202696

You should be able to do it with Compound posture conditions. It depend on your AV as well. 

Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_compliance.html?bookSearch=true#reference_B624962CB60C4298A1030014F8D056A7




Regards

Divya Jain

Customers Also Viewed These Support Documents